ASP.NET User Roles - Create and Assign Roles for AUTHORIZATION!

Captions
Hello and welcome to tutorialsEU. My name is Yannick, and in this video you will learn how you can add user roles to your ASP.NET Core applications, so that you can assign roles to users to authorize them: give them access to specific API endpoints, for example, or only show specific HTML content to them.

In one of our latest videos I showed you how you can add the identity, so how you can add a registration and user functionality to your application from scratch, right? So this is basically the same project and we will go on from here, but, well, in the end it's just a new ASP.NET Core MVC web application. So if I hit start right here, we will be able to see that just in a second. There we go. And if I just go to the Identity/Account/Register endpoint, you can see that registration page. But you can also use the MVC template that automatically implements the identity; that's not a problem at all, because in this video you will learn how you can create roles from scratch and assign them to users and then make use of them. So that's really pretty much related to ASP.NET in general and not really related to the project itself.

So in order to get started, the only thing that you really need is any kind of identity inside of your ASP.NET application. So go ahead, go into your Program.cs and check if you have something like that right here: builder.Services.AddDefaultIdentity. Now, as I said, we're using the true IdentityUser delivered by ASP.NET Core Identity, right? So maybe you have created your own class and inherited from the IdentityUser or whatever, but that's basically what we need in order to get started.

Now that said, let's create our roles. Very important: now, right before we call AddEntityFrameworkStores, we want to go ahead and, for the AddDefaultIdentity right here, we also want to add .AddRoles of type IdentityRole, so that we are able to create roles for our identity. Now let's scroll down. Right before we call app.Run, what I want to do is I want to create a scope,
so I want to call using var scope = app.Services.CreateScope(). So in that way, when you create a scope like this, we are able to right now access the services that we have configured right here, for example, right? So before we start the application, we want to make sure that we add our roles, so if you move the application to a new web server or whatever, you will again make sure that all roles are getting created. Now, this procedure is called seeding, so we are seeding some initial data into our system. Now we can do that with some roles, for example, as we're doing it right here; we can also do it with some accounts. Maybe you always want to have an admin account with the same email address every time, all right? Doesn't matter which database is connected: as soon as you switch the environment and start the application again for the very first time, the new data elements will get seeded again.

If you want to take your C# skills to the next level, check out our C# Progress Academy. It's a unique and self-paced online course that teaches you ASP.NET Core in depth, with unit testing, Angular and even C# software design patterns. We offer a 14-day money-back guarantee, and I'm absolutely sure that this is the fastest way you can progress as a C# developer. You can find the link in the description below or popping up right now at the top right corner.

Now let's create a role manager, and that's the essential part here. So let's take the scope, because we need access to our services, so we go into the scope's ServiceProvider. Now we get the required service that we want to have, which is RoleManager. Now that RoleManager takes the IdentityRole as a type right here; that's the default role. And now we can create an array. I will zoom out, I will just bring it into the next line of code, just for you to really have it in one line of code visible, right? And now we can create roles. Let's create just a simple string array, let's create a new array, let's add
three roles: let's say Admin, well, we will take the most common ones, Manager, and we will also take Member, or User, however you want to name it. Great, so those are the roles. Now we have to seed them. So let's just create a simple foreach loop. I would just write down foreach, hit Tab Tab to create a, well, fold out right here, and then we're gonna say var role in roles. There we go. Alrighty, now we have our roles right here and we want to add them to our system. So let's just check if we already have those roles in our system, because we don't want to have duplicates. This gets called every time we restart our application, so we don't want to have like 100 admin roles, 100 manager roles, right? Well, we can have users, 100 admin users and 100 manager users and all of that, that's not a problem. I'm just talking about the real roles in our system; we only want to have them once.

So let's check. So check that exclamation mark here, await, now we take our role manager, so if, await, take the roleManager.RoleExistsAsync. I want to check if a role with that string exists, so let's say Admin, Manager or Member, right? And if it does not exist, then we want to go ahead and again call await, take the role manager and CreateAsync a new IdentityRole with the name role. There we go. So in the end, if we don't have any roles provided, we will create an Admin role, a Manager role and a Member role every time we reset our application and we do not have any roles provided yet.

Now, very important: since we're using await right here, scroll to the very top and check if you are running an asynchronous task. There we go, so this is a problem, that does not work. We have to provide a public static async Task Main in order to be able to call await right here. Now let's start our application, and we should be able to see our roles inside of our database.

Great, so the application has started. Now let me open up my database, and here you can see all the identity tables: AspNetRoleClaims, AspNetRoles, AspNetUserRoles and AspNetUsers. So what we are interested in right now is the AspNetRoles, so right click on that and let's just view data, and as I said, we should be able to see all of our three roles right now. Okay, so there we have them. They have a unique identifier, as I said, and a normalized name, right?

And now let's talk about those tables here. So what we are interested in is AspNetRoles, which are all roles, right? Then we have our AspNetUsers, which are our user accounts, so let's say I have my private account, it would be like yannick@ blah blah blah, and then we have the AspNetUserRoles, which is kind of a linking table for them, so that we have: Yannick has the role of admin, right? So this is stored right here. If I just right click and view data, we have nothing inside right now, but you can see it's just consisting of two columns, UserId and RoleId. So it would be my Yannick account ID and then the role ID of the role which is assigned. Let's take a look right here, for example: for the Manager role it would be like that unique identifier right here which is highlighted right now. So this is how it is working.

So the true question right now is: how can we assign a role to a specific user? Now for this tutorial we will just do that also in the Program.cs, but you can really do it anywhere else in your code, in any controller or wherever you want to have it. Just keep in mind that right now we are using the scope right here to get the role manager. Well, if you want to have that role manager in a controller, you can just use it from the dependency injection, so you can just get an instance of that by using the constructor and grabbing an instance of it from the dependency injection. And if you have no clue about it, go ahead and check out our dependency injection video related to ASP.NET Core; that's very important.

So okay, now that said, since we are already seeding our roles right here, we can also seed accounts, and that's a pretty common practice. So let's say every time you restart
your application or move to a new environment, you want to make sure that you have an admin account like admin@admin.com, and he has the Admin role and admin rights, right? So as I said, a pretty common practice. So let's go ahead and do that real quick. So now let's copy that over, let's create a new using right below. We create a scope again; this time we don't take a role manager, now we take a user manager: GetRequiredService UserManager of type, not IdentityRole, but just scroll up and you can see that we're using the IdentityUser, right? So this is what we want to take here: UserManager of IdentityUser. Now, um, make sure that you are in the correct using, so don't replace your roles right here. Now we don't need any of that, so let's remove it.

So if we want to create an account, we should now check if it is already existing in our database. So if we create an admin account, let's say admin@admin.com, we don't want to create it every time we just start our application; we only want to have this account a single time in our, well, current environment. So this is why we again write down an if statement and add in await. So if, await, now we take the user manager, and we can check if an account is existing in our environment or in our database, and we have several different methods for that, but let's simply call find by email. You could also call find by ID, find by name, but we take FindByEmailAsync.

And as I said, I want to have that email, let me just create a string, let me write down email, and it is admin@admin.com. And just to make it as nicely formatted as possible, I will also write down a password here, and make sure that you're now following along the password guidelines, or the policy that is, well, set up by default in your application. So we have to add a capital letter, let's say for example T, let's say Test, then we have some digits here, and then we have a special character, let's add a comma for example. Just make sure that you're following along those guidelines,
because if you don't do that, you will not be able to register an account. So we will check if we have that account by email, so we'll put in the email here, and that one should be null. Let's open up the curly braces here, and we want to create an account now. So let's create a new user, and that's a new IdentityUser, so whatever type of user you have; if you just use the default one, it's the IdentityUser. So create one, then take the user.UserName and set it to the email, and take the user.Email and also set it to the email. Now, afterwards, you cannot set the password right here; take the user manager, so userManager.CreateAsync, right? So we want to create an account asynchronously, and we simply put in the user here and the password from above. Now we can for sure await, no worries, we already set the Main method to be a task, an asynchronous task.

So, and finally, and now this is for sure the reason that you are here, I want to show you how you can now assign a role to an account. So right now we created an account, and make sure that you always for sure get the account before you can assign a role. So the user manager, as I said, right here offers some methods that help you find an account, and once you get the account, you can simply take the user manager again, not the role manager, so you take the user manager, call the method which is called AddToRole, so we simply add a user to a specific role. So we put in the user here again after it got created, right? So here we create the user, here we really create it in our database, so afterwards it's a valid account, so we can take it and add it to a role by string: we want to put that user into the Admin role. Now also this one is async, so let's await it. Awesome.

Now let's just get to it again: so we take our user manager, we search for that account, and if we have that account not found in our environment, we will create a new user, we will register that user, we're doing it manually here, right? And then we add that user to a specific role.
Great. So now, as I said, and then I really want to throw in a different story, let me just scroll up. Very important: by default you can see that if you want to log in, options, options.SignIn.RequireConfirmedAccount, so this is at the default identity. Sometimes, especially in the early stages of development, it's important to set this to false, so that you can log in to an account which has the email address not confirmed. So I just leave that open for a second here, you can copy that over; it's in the options for the AddDefaultIdentity, right? So RequireConfirmedAccount set to false. Now if we scroll down, you can see that right here, if we set up the user, we could also say EmailConfirmed equals true. That will be, sorry, that would be another way to have a workaround on that, right? But let's just remove it.

So let's start our application and then check our database. So when I go to the table AspNetUsers, make sure to also do that, and I update here, you can see that an admin account now got created. And if I open up the database again and go to AspNetUserRoles, remember, that's the kind of linking table, right click, view data, and you should now be able to see UserId and the RoleId, and this is basically admin@admin.com and role ID Admin. So this is now stored inside of our environment.

Great, so now you have created roles, you seeded the user and you assigned a role to that user. Everything is inside of here, you can see it. Now how can we use that for authorization? So let's say for example when I go to the, um, to the start page, to the index page, let me just share that right here. It applies for everything: if you have an API controller, that's fine; I right now have MVC, so that's also fine, but as I said, that's related to ASP.NET and not really to the web app template or to the MVC template or Razor Pages or whatever; it applies to everything. Let me just show you our page. So I open up Controllers, HomeController, and now I have several ways to secure or to authorize my
controller. First of all, if I secure that on the controller level, I can simply put in Authorize. That one is like the core part, so you can only access anything from that HomeController if you are logged in. Okay, the role does not matter, but you have to be logged in. Now if we want to add a role to it, we just add parentheses and say Roles equals, and now we can add just a string; for example, we could say like Member. So right now we only have an admin account, so if I now start the application, it automatically redirects me to the login page, because the home page cannot be called, because I have to be logged in. Now I logged in with my admin account and you can see: access denied. So I'm not able to get access to this page, and that's totally fine, because our controller can only be accessed by people who have the Member role, right? Even though it doesn't make sense, not important, it just shows that it's working. So if I now change it over to Admin and start it again and log in as an admin, I will be able to get access to all of the functionality from the HomeController. And this applies on the controller level but also on the action level, so you will see that just in a second. I would just bring that here; I'm logged in, you can now see I can navigate around because I'm logged in as an administrator.

Now if I close that, I can also bring that Authorize to the Index or to the Privacy. Let's take the Privacy page right here: it's only visible for Member or Manager or whatever, we could also say Manager, but as long as I'm logged in to my admin account, I will now not be able to view it, right? As I said, I just want to show you how this authorization, or this Authorize command that we are using right here, is working. So the index page is working, so Home, that's fine, because it's not authorized for any role, but now if I go to Privacy you can see access denied, because I'm in the wrong role. Awesome. So you can think about your own logic for sure, right? But as I said, it's really just about how
roles are working. Now that said, there's one more thing that we need to talk about, and that's really specific to Razor Pages or cshtml in general, so that you know how to really show specific information for specific user roles. Let's go into our view, into our Index.cshtml here, so pretty much the home page, right? And now I want to show you how you can really show specific information for the Admin role, so that if you're logged in as an administrator you can see like "Hey admin" or whatever, and then you can think about your own custom logic.

First of all, we have to make use of our identity, so at the very top I want to write down Microsoft.AspNetCore.Identity. That's very important, because next up we need our sign-in manager and our user manager. So let's inject our SignInManager of type IdentityUser, and as I said, you have to make sure that you use your own user here if you are not using the IdentityUser, which is the default one. SignInManager, there we go. And another one is inject UserManager of type IdentityUser again, and as you can guess, that's the user manager that we have already used, right?

So now we can do that pretty easily. Now we simply create an if statement: so if User.IsInRole Admin, we can say like h1 "Hi admin", right? And else we can think about some custom logic. It's a pretty default if statement, right? So if you are an admin you can do that, else if you are like a member you can do the following, but that's just how you can show specific information. "Hi", let's say, "non-admin" or whatever, right? It doesn't really matter. Awesome. Now let's start the application again. Now let me bring it over, and as you can see, you can now see "Hi admin", and that's only visible because we are logged in with an account that has the Admin role assigned.

So this is already covering a lot of stuff regarding the identity and roles and creating user accounts and adding user roles and all of that. So yeah, I hope you have learned a lot, and if you like this video, make sure
to give it a thumbs up and for sure subscribe to our channel, so that you're no longer missing any upcoming .NET and C# related videos, and for sure for ASP.NET. If you have any questions, please feel free to drop them below into the comment section, and I'd be happy to see you back in the next video. If you really take your C# career seriously, check out our C# Progress Academy, because it's the fastest way you can progress as a C# developer.
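
Added example, not the video's own code: a Program.cs that carries out the seeding procedure described in the captions (roles, then an admin account, then the role assignment), and additionally checks every IdentityResult and reads the admin credentials from configuration rather than from a string literal. The in-memory database, the ApplicationDbContext class, the Seed:AdminEmail and Seed:AdminPassword keys and the Ensure helper are assumptions made for the example.

```csharp
// Program.cs (top-level statements, so await works without an explicit async Main).
// Assumed packages: Microsoft.AspNetCore.Identity.UI,
// Microsoft.AspNetCore.Identity.EntityFrameworkCore, Microsoft.EntityFrameworkCore.InMemory.
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// In-memory store so the sample runs without a database server (assumption);
// use your real provider and connection string instead.
builder.Services.AddDbContext<ApplicationDbContext>(o => o.UseInMemoryDatabase("IdentityDemo"));

builder.Services
    .AddDefaultIdentity<IdentityUser>(o => o.SignIn.RequireConfirmedAccount = true)
    .AddRoles<IdentityRole>()                       // before AddEntityFrameworkStores
    .AddEntityFrameworkStores<ApplicationDbContext>();

var app = builder.Build();

using (var scope = app.Services.CreateScope())
{
    var roleManager = scope.ServiceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    var userManager = scope.ServiceProvider.GetRequiredService<UserManager<IdentityUser>>();

    // Idempotent: a role is created only when it does not exist yet.
    foreach (var role in new[] { "Admin", "Manager", "Member" })
    {
        if (!await roleManager.RoleExistsAsync(role))
            Ensure(await roleManager.CreateAsync(new IdentityRole(role)), $"create role {role}");
    }

    // Assumed configuration keys; supply them via user secrets or environment variables.
    var email = app.Configuration["Seed:AdminEmail"];
    var password = app.Configuration["Seed:AdminPassword"];
    if (!string.IsNullOrEmpty(email) && !string.IsNullOrEmpty(password))
    {
        var user = await userManager.FindByEmailAsync(email);
        if (user is null)
        {
            user = new IdentityUser { UserName = email, Email = email, EmailConfirmed = true };
            Ensure(await userManager.CreateAsync(user, password), "create admin user");
        }
        if (!await userManager.IsInRoleAsync(user, "Admin"))
            Ensure(await userManager.AddToRoleAsync(user, "Admin"), "assign Admin role");
    }
}

app.Run();

// Fail startup loudly (for example on a password-policy violation) instead of
// silently continuing without the expected role or account.
static void Ensure(IdentityResult result, string step)
{
    if (!result.Succeeded)
        throw new InvalidOperationException(
            $"Seeding failed at '{step}': {string.Join("; ", result.Errors.Select(e => e.Description))}");
}

public class ApplicationDbContext : IdentityDbContext
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }
}
```

When neither Seed key is configured, the roles are still created and no admin account is seeded.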
Info
Channel: tutorialsEU - C#
Views: 23,012
Keywords: c#, .net, c-sharp, csharp, programming, visual studio, c sharp, learn c#, c# programming, c# tutorial, c# for beginners, learn c# programming, c# course, tutorial, coding, registration, authentication, authorization, .net core, asp.net core, asp.net mvc framework, asp.net mvc, asp.net, core, mvc, entity framework, dotnet, roles, asp.net core tutorial, asp.net core mvc, asp.net core identity, role based authorization in asp.net core, asp.net identity, razor pages, users, asp user roles
Id: Y6DCP-yH-9Q
Length: 19min 45sec (1185 seconds)
Published: Thu Feb 23 2023